Smart Cards for Banking and Finance
The banking industry managed global payment for consumers over several decades using magnetic stripe card technology. Fraud has always been an issue to manage and it grows over time with the increase of card usage. This coupled with fresh technologies on the horizon led to the adoption of smart card technology to bear down on fraud and open the way for new forms of payment. The major Payment System operators developed a global specification (EMV) describing the technical and security requirements for the physical card to terminal environment, whilst other initiatives addressed contactless opportunities and Internet Payment. This chapter looks into the technical and security details of the EMV specifications along with aspects of the additional security in e-commerce and enhanced smart card-based authentication .
KeywordsPayment cards Magnetic stripe cards EMV Chip PIN Dynamic passcode CNP 3D secure E-commerce Token authentication
- 1.Wonglimpiyarat. Strategies of Competition in the Bank Card Business: Innovation Management in a Complex Economic Environment. Sussex Academic Press, 2004.Google Scholar
- 2.Karl Brinkat, David Main. Smart cards for secure banking & finance. Presentation in the MSc in Information Security, Royal Holloway University of London.Google Scholar
- 3.Europay-MasterCard-Visa. Emv’96 integrated circuit card specification for payment systems, version 3.0, from https://www.emvco.com/specifications.aspx?id=63, 1996, (accessed: May 24th 2016).
- 4.EMV Books 1–4 Version 4.1 2004. https://www.emvco.com/specifications.aspx, (accessed: May 24th 2016).
- 5.Visa, “Secure With Visa-Card Verification Value 2” http://www.visa.ca/en/personal/securewithvisa/cardverify.jsp, (accessed: May 24th 2016).
- 6.Card Watch “Types of Card Fraud” http://www.cardwatch.org.uk/, (accessed: May 24th 2016).
- 7.BBC, “Carphone Warehouse in customer data breach”, http://www.bbc.co.uk/news/uk-33835185, (accessed: May 24th 2016).
- 8.Krebs, B., “Hyatt Card Breach Hit 250 Hotels in 50 Nations”, http://krebsonsecurity.com/2016/01/hyatt-card-breach-hit-250-hotels-in-50-nations/, (accessed: May 24th 2016).
- 9.Finextra, “Global Payments breach extends to merchant accounts” https://www.finextra.com/news/fullstory.aspx?newsitemid=23803, (accessed: May 24th 2016).
- 10.Microsoft, “Antivirus Defense-in-Depth Guide”, Microsoft technet 2011, https://technet.microsoft.com/en-us/library/cc162791.aspx, (accessed: May 24th 2016).
- 11.Mastercard, “Mastercard SecureCode”, https://www.mastercard.us/en-us/consumers/features-benefits/securecode.html, (accessed May 24th 2016).
- 12.Visa, “Verified by Visa”, https://www.visaeurope.com/making-payments/verified-by-visa/, (accessed May 24th 2016).
- 13.Mel H and Baker D., “Cryptography Decrypted” chapter 20 pages 215–227, Addison Wesley ISBN 0-201-61647-5, 2001.Google Scholar
- 14.Schneier B, “Applied Cryptography”, page 170–173, Wiley ISBN 0-471-12845-7, 1996.Google Scholar
- 15.Xiring “Teo reader”, http://www.teobyxiring.com/, (accessed: May 24th 2016).
- 16.Visa, “Dynamic Passcode Authentication”, https://www.visa.gr/media/images/dynamicpasscodeauthentication-42-6506.pdf, (accessed: May 24th 2016).
- 17.Mastercard, “Mastercard Authentication Solutions”, https://www.mastercardconnect.com/mol/molbe/public/login/ebusiness/smart_cards/one_smart_card/biz_opportunity/cap/index.jsp, (accessed: May 24th 2016).
- 18.Konstantinos Markantonakis, Keith Mayes, Fred Piper, “Smart Card Based Authentication-Any Future”, Computers & Security (2005), Elsevier Issue No 24, pages 188–191.Google Scholar
- 19.Racal Guardata “Watchword datasheet” 1992, http://www.anagram.com/berson/watchword.pdf, https://tfl.gov.uk/fares-and-payments/contactless?intcmp=8257.
- 20.Transport for London “Contactless” https://tfl.gov.uk/fares-and-payments/contactless?intcmp=8257, (accessed: May 24th 2016).
- 21.Apple Pay, http://www.apple.com/uk/apple-pay/, (accessed: May 24th 2016).
- 22.Android Pay, https://www.android.com/intl/en_uk/pay/, (accessed: May 24th 2016).